package com.ruoqing.admin.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
	* @author YaoXian
	* @title: ResourceServerConfiguration
	* @projectName ruoxi-blog
	* @description: 若兮微服务 - 统一认证与授权 - 后台管理中心资源服务器配置
	* @date 2020-12-13 16:00
	*/

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

		/**
			* 除登录端点、人机身份验证端点和Swagger文档端点和验证黑名单端点外,
			* 后台管理中心其它端点请求全部需要鉴权
			* 基础配置 : 其他端点的请求全部需要鉴权是否登录
			* 权限配置 : 根据控制层具体注解权限配置实行鉴权
			* @param http
			* @throws Exception
			*/
		@Override
		public void configure(HttpSecurity http) throws Exception {
				http
								.exceptionHandling()
								.and()
								.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
								.and()
								.authorizeRequests()
								// 开放登录端点、人机身份验证端点验证黑名单和SwaggerApi文档端点,其余端点全部需要鉴权是否登录
								.antMatchers("/auth/login/**","/userStandard/findOffendUser","/auth/check","/**/api-docs")
								.permitAll()
								.anyRequest().authenticated();
		}
}